1. Deploying Siebel CRM Containers on Kubernetes using Siebel Cloud Manager
  2. Updating Ingress Controller

Updating Ingress Controller

Starting with SCM 26.3, new Siebel CRM deployments use Traefik as the default ingress controller. New environments get a supported, modern ingress setup automatically—no customer action required. But if you are using SCM version earlier than 26.3, upgrade to SCM 26.3 and run the migration workflow in your environment. After migration, keep NGINX temporarily to validate and complete a controlled switchover. When validation is complete, remove the NGINX entry from your GitOps-managed configuration.

If you’re on an SCM release earlier than 26.3, follow these steps to update the ingress controller:

  1. Update SCM to 26.3. For more information, see Updating Siebel Cloud Manager with a New Container Image.
  2. Run the SCM migration workflow to migrate the ingress controller from NGINX to Traefik:
    1. Log in to the SCM container.
    2. Go to the cmapp directory:
      cd /home/opc/siebel-cloud-manager/scripts/cmapp/
    3. Run the migration script:
      bash migration.sh
    4. Select option 8 (Traefik migration) in the migration menu.
    5. Enter the env_id of the environment you want to migrate.

After the migration, SCM keeps the NGINX ingress Helm charts and releases, so you have time to validate Traefik and complete a controlled switchover. You’ll see a message similar to this:

"NGINX Ingress Helm charts and releases are retained post-migration to Traefik to allow time for switchover and validation. After transition is complete, you must manually remove the Nginx entry from the /home/opc/siebel/<env_id>/<scm_repo>/<flux_folder>/infrastructure/kustomization.yaml file and commit the changes to the repository."

After you confirm that Traefik is handling ingress as expected:

  1. Remove the NGINX entry from:
    /home/opc/siebel/<env_id>/<scm_repo>/<flux_folder>/infrastructure/kustomization.yaml
  2. Commit and push the change (GitOps-managed deployments).

From security standpoint, from SCM 26.3 onwards, TLS termination takes place at Traefik. That means, certificates and TLS configuration are managed at the Traefik ingress layer, and any HTTPS redirect logic must be implemented using Traefik constructs rather than relying on legacy NGINX annotations. For instructions about certificate management configurations, refer to relevant sections in this document.